Contact UsReport fraud or suspicious activity
Report a lost or stolen credit card
Email UsReport suspicious emails
Small Business Protection - Small Business Security Center
Switch to another Security Center:
Small Business Security Tips
Small businesses can protect themselves by making employee fraud prevention a priority. The following guidelines are essential for developing a fraud prevention program for your small business:
- Conduct employee background checks. Verify educational and employment history, as well as references, to ensure no previous history of fraud or other illegal activity exists. For employees that will manage company assets, it is especially important to conduct credit checks (if authorized by the candidate).
- Monitor account activity and statements. Reconcile and monitor account activity frequently to identify suspicious transactions. Turn off paper statements and sign up for Online Statements for your eligible accounts.
- Protect all accounting documents by securing under lock and key check stock, signature equipment, invoices and critical account information.
- Use only approved vendor listings. This can help with fighting billing schemes and dealing with phony invoices. Management should routinely check the list of approved vendors and look out for unknown vendors, vendor names that are similar to other known vendors, vendors with no physical address or phone number or vendors that match an employee's address.
- Centralize payroll check distribution. By centralizing payroll, management can help eliminate "ghost" employees; which include fictitious persons on the payroll, employees retained on the payroll that no longer work for the company, or friends or relatives of an employee.
- Implement dual controls. Institute dual control for high risk self-administration services. For example, the person writing the check should not be the person reconciling accounts and transactions.
- Create a fraud policy. Design, publish and implement a fraud policy that establishes expected employee conduct, prohibited actions, how fraud can be reported and the punishment for noncompliance.
- Train your employees in fraud prevention. Employees serve as the eyes and ears of a company and by ensuring that your staff is knowledgeable about basic fraud prevention techniques, you'll establish a first line of anti-fraud defense.
- Conduct routine and unannounced checks on high risk areas of your business, including the financial and inventory departments for vulnerabilities and possible fraudulent activities.
- Make employees go on vacations. Employees undertaking fraudulent activity may not take time off because they are fearful of someone catching on to their indiscretions. Ensure all employees take vacations so no one in the organization has physical in-person control over their area of responsibility each and every day of the year.
- Contact your business insurance provider and review your business insurance policy to determine if it provides coverage for employee dishonesty.
- If you notice suspicious activity on your Bank of the West accounts, call us at 1-800-488-2265.
FCC Small Business Cyber Planner: http://transition.fcc.gov/cyber/cyberplanner.pdf
What is Business Account Takeover?
Business account takeover occurs when criminals gain control of a business account by stealing the business- valid online banking credentials. The most common way that these cyber criminals gain access is by utilizing malware, commonly distributed via email links, phishing scams, social networking sites and malicious websites.
To obtain access to financial accounts, cyber criminals target employees, (often senior executives, accounting or HR personnel and business partners) and cause the targeted individual to spread malicious software (malware) which in turn steals personal information and log-in credentials.
Once the account is compromised, the cyber-criminal is able to electronically steal money from business accounts. Cyber criminals also use various attack methods to exploit check archiving and verification services that enable them to issue counterfeit checks, impersonate the customer over the phone to arrange funds transfers, mimic legitimate communication from the financial institution to verify transactions, create unauthorized wire transfers and ACH payments, or initiate other changes to the account. In addition to targeting account information, cyber criminals also seek to gain customer lists and/or proprietary information.
Steps your company can take to help prevent Business Account Takeover:
- Establish a business account risk management program.
- Perform a risk assessment on medium and high-risk business accounts.
- Perform an annual review of the funds transfer program, remote deposit capture program and other commercial online banking services.
- Enhance the security of your computer and networks.
- Minimize the number of, and restrict the functions for, computer workstations and laptops that are used for online banking and payments. A workstation used for online banking should not be used for general web browsing, emailing, and social networking.
- Conduct online banking and payments activity from at least one dedicated computer that is not used for other online activity.
- Do not leave computers with administrative privileges and/or computers with monetary functions unattended unless logged off or locked. Log off or turn off and lock up computers when not in use. Use/install and maintain spam filters.
- Educate your employees in fraud prevention.
- Bank of the West will never send customers emails asking for customer ID, User ID, passwords, credit card numbers, eImage ID or other sensitive information.
- Don't respond to or open attachments or click on links in unsolicited emails. If a message appears to be from your financial institution and requests account information, do not use any of the links provided.
- If you receive an email from an apparent legitimate source (such as the IRS, Better Business Bureau, Federal courts, UPS, etc.) contact the sender directly through other means to verify the authenticity. Be very wary of unsolicited or undesired email messages (also known as "spam") and the links contained in them.
- Be wary of pop-up messages claiming your machine is infected and offering software to scan and fix the problem, as it could actually be malicious software that allows the fraudster to remotely access and control your computer.
- Install and maintain real-time anti-virus and anti-spyware desktop firewall and malware detection and removal software. Ensure that all anti-virus and security software for all computer workstations and laptops, used for any online banking transactions is up to date and robust.
- Enhance the security of your business banking processes and protocols.
- Implement dual custody. Initiate online payments under dual control using two separate computers. Reduce the risk of fraud and promote security by requiring two different users, each with their own User ID and Password, to review and approve online transactions such as: Wire Transfers, ACH, External Account Transfers, Basic Payroll Payments and Tax Payments.
- Positive Pay. Help protect your company from theft and fraud by maintaining control of your disbursement process. Receive timely protection with alerts to potentially fraudulent items early each morning. Improve audit capabilities and save time verifying checks issued against checks paid.
- Monitor and reconcile transactions and accounts at least once daily.
- If you detect suspicious activity, immediately cease all online activity and remove any computer systems that may be compromised from the network.
- If you notice suspicious activity on your Bank of the West accounts, call us at 1-800-488-2265.
- Contact your local police and file a report.
Sound Business Practices for Financial Institutions to Mitigate Business Account Takeover: https://www.nacha.org/content/account-takeover-resource-center
Protect your company from financial losses by considering the following fraud tools and security tips.
- Use Positive Pay. Help protect your company from theft and fraud by maintaining control of your disbursement process. Positive pay systematically compares checks presented for payment to your issued-check files to detect serial numbers and dollar amounts that don't match.
- Use check stock that contains multiple security features. Examples of High security check features include: watermarks, heat sensitive ink, fluorescent fibers, micro printing, warning bands and chemical wash box.
- Establish tight controls over the storage and distribution of check stock. Maintain an inventory list and conduct audits. Shred checks and statements you no longer need.
- Ensure separation of duties. Check writers should not reconcile the accounts. Delegate separate individuals for invoicing and collecting and posting funds to Accounts Receivable. Conduct periodic reviews.
ACH and Wire Fraud
- Use an ACH debit block/filter to specify which companies are authorized to post ACH debits to your accounts. Automatically block companies that are not authorized. You can also set dollar-limit ceilings or block all ACH debits from posting.
- ACH transaction review. Review and confirm ACH debit and credit transactions that post to your account. Determine is if the transition in question is authorized and return any transactions that are not. Filter transactions you wish to review by setting review thresholds based on debits, credits, company ID and dollar amounts.
- Initiate ACH and wire payments under dual control, with one person originating the transaction and a separate individual authorizing (approving) the transaction before it is sent.
If you believe you are the victim of fraud or business identity theft, call Bank of the West immediately at
To report a lost or stolen credit card, call us at 1-800-996-2638.
If you've received a suspicious email, let us know by emailing us at:
Need more information on what to do in case of fraud?
Report Fraud or Business Identity Theft >